[erlang-questions] DTLS example

pablo platt <>
Wed Mar 5 21:11:52 CET 2014


I first tried to copy just the ssl app from your new_crypto_dtls branch and
got the error in the previous email.
Now I tried to use your complete branch and it works
but I'm getting a bad match error somewhere else in my code when trying to
encrypt a media stream:

State = crypto:stream_init(aes_ctr, MasterKey, <<IVec/binary, 0:16>>),
{_State2, CipherText} = crypto:stream_encrypt(State, <<0:Size>>),

line error:
{crypto,stream_encrypt,2,[{file,"crypto.erl"},{line,776}

You said your ssl app prototype should be compatible with R16B01.
Shouldn't I be able to just copy the ssl app and use the crypto app in
R16B01?

Thanks




On Wed, Mar 5, 2014 at 6:22 PM, pablo platt <> wrote:

> Hi,
>
> I'm using R16B01.
>
> I'm getting an error even when adding the Ciphers:
>
> {{badmatch,{error,{options,{ciphers,[{ecdhe_rsa,aes_128_cbc,sha},{dhe_rsa,aes_128_cbc,sha},{rsa,aes_128_cbc,sha},{ecdhe_rsa,aes_256_cbc,sha},{dhe_rsa,aes_256_cbc,sha},{rsa,aes_256_cbc,sha},{ecdhe_psk,aes_128_cbc,sha},{dhe_psk,aes_128_cbc,sha},{ecdhe_psk,aes_256_cbc,sha},{dhe_psk,aes_256_cbc,sha}]}}}}
>
> Port = 5070,
> Ciphers = [{ecdhe_rsa, aes_128_cbc, sha},
>
>                 {dhe_rsa, aes_128_cbc, sha},
>                 {rsa, aes_128_cbc, sha},
>                 {ecdhe_rsa, aes_256_cbc, sha},
>                 {dhe_rsa, aes_256_cbc, sha},
>                 {rsa, aes_256_cbc, sha},
>                 {ecdhe_psk, aes_128_cbc, sha},
>                 {dhe_psk, aes_128_cbc,sha},
>                 {ecdhe_psk, aes_256_cbc, sha},
>                 {dhe_psk, aes_256_cbc,sha}],
>
> Options = [{versions, ['dtlsv1.2', dtlsv1]},
>                 {cb_info, ssl_udp},
>                 {reuseaddr, true},
>                 {active, false},
>                 {ciphers, Ciphers},
>
>                 {certfile,Cert},
>                 {keyfile, Key}],
> {ok, LSocket} = ssl:listen(Port, Options)
>
> Pablo
>
>
> On Wed, Mar 5, 2014 at 6:02 PM, Andreas Schultz <> wrote:
>
>> Hi Pablo,
>>
>>
>> ----- Original Message -----
>> > Now I'm getting an error:
>> > {error,{options,{ciphers,[]}}}
>> >
>> > When calling:
>> >
>> > Options = [{versions, ['dtlsv1.2', dtlsv1]},
>> > {cb_info, ssl_udp},
>> > {reuseaddr, true},
>> > {active, false},
>> > {certfile,Cert},
>> > {keyfile, Key}],
>> > {ok, LSocket} = ssl:listen(Port, Options).
>> >
>> > Do I need to pass ciphers to the ssl options?
>>
>>
>> I seems that DTLS was never tested without the ciphers.
>> option. In my project I use this list:
>>
>>      {ciphers,[{ecdhe_rsa, aes_128_cbc, sha},
>>                {dhe_rsa, aes_128_cbc, sha},
>>                {rsa, aes_128_cbc, sha},
>>                {ecdhe_rsa, aes_256_cbc, sha},
>>                {dhe_rsa, aes_256_cbc, sha},
>>                {rsa, aes_256_cbc, sha},
>>                {ecdhe_psk, aes_128_cbc, sha},
>>                {dhe_psk, aes_128_cbc,sha},
>>                {ecdhe_psk, aes_256_cbc, sha},
>>                {dhe_psk, aes_256_cbc,sha}]}
>>
>> > On Wed, Mar 5, 2014 at 12:46 AM, pablo platt <  >
>> wrote:
>> >
>> > Hi,
>> >
>> > I'm trying to use the dtls prototype from:
>> > https://github.com/RoadRunnr/otp/tree/new_crypto_dtls
>> >
>> > I'm getting an exception when trying to use a simple example.
>> > What am I doing wrong?
>> >
>> > Is there an example how to use this modified ssl app with R16 or R17?
>> > I see that the branch adds crypto:algorithms/0
>> > Is it the only modification needed except for the ssl app?
>>
>> No, Ingela started refactoring the SSL application and incorporating bits
>> of my
>> DTLS stuff after R16B01. So, you can not apply my modifications to
>> anything after
>> R16B01.
>>
>> Andreas
>>
>> >
>> > Thanks
>> >
>> > test
>> > ---------------
>> >
>> > init() ->
>> > Port = 5070,
>> > Cert = filename:join([dtls:priv_dir(webrtc), "cert.pem"]),
>> > Key = filename:join([dtls:priv_dir(webrtc), "key.pem"]),
>> > Options = [{versions, ['dtlsv1.2', dtlsv1]},
>> > {cb_info, ssl_udp},
>> > {reuseaddr, true},
>> > {active, false},
>> > {certfile,Cert},
>> > {keyfile, Key}],
>> > {ok, LSocket} = ssl:listen(Port,Options),
>> > spawn(?MODULE, accept, [LSocket]),
>> > {ok, #state{}}.
>> >
>> > accept(LSocket) ->
>> > {ok, Socket} = ssl_udp:accept(LSocket, 5000),
>> > Pid = spawn(?MODULE, loop, [Socket]),
>> > ssl:controlling_process(Socket, Pid),
>> > accept(LSocket).
>> >
>> > loop(Socket) ->
>> > inet:setopts(Socket, [{active, once}]),
>> > receive
>> > R ->
>> > error_logger:info_msg("~p~n", [R]),
>> > loop(Socket)
>> > end.
>> >
>> >
>> > exception
>> > ---------------------------
>> > {'EXIT',
>> > {function_clause,
>> > [{ssl_udp,call,
>> > [{sslsocket,nil,
>> > {<0.103.0>,
>> > {config,
>> > {ssl_options,
>> > [{254,253},{254,255}],
>> > verify_none,
>> > {#Fun<ssl.1.555667>,[]},
>> > false,false,false,undefined,1,
>> > <<"cert.pem">>,
>> > undefined,
>> > <<"key.pem">>,
>> > undefined,[],undefined,<<>>,undefined,undefined,
>> > undefined,undefined,undefined,
>> > [<<"À$">>,<<"À(">>,<<"À&">>,<<"À*">>,
>> > <<0,107>>,
>> > <<0,106>>,
>> > <<0,61>>,
>> > <<"À#">>,<<"À'">>,<<"À%">>,<<"À)">>,
>> > <<0,103>>,
>> > <<0,64>>,
>> > <<0,60>>,
>> > <<"À\n">>,
>> > <<192,20>>,
>> > <<0,57>>,
>> > <<0,56>>,
>> > <<192,5>>,
>> > <<192,15>>,
>> > <<0,53>>,
>> > <<"À\b">>,
>> > <<192,18>>,
>> > <<0,22>>,
>> > <<0,19>>,
>> > <<192,3>>,
>> > <<"À\r">>,
>> > <<0,10>>,
>> > <<"À\t">>,
>> > <<192,19>>,
>> > <<0,51>>,
>> > <<0,50>>,
>> > <<192,4>>,
>> > <<192,14>>,
>> > <<0,47>>,
>> > <<192,7>>,
>> > <<192,17>>,
>> > <<0,5>>,
>> > <<0,4>>,
>> > <<0,21>>,
>> > <<192,2>>,
>> > <<"À\f">>,
>> > <<0,9>>],
>> > #Fun<ssl.0.555667>,true,268435456,false,undefined,
>> > undefined,false,undefined,undefined},
>> > [{reuseaddr,true},{active,false}],
>> > {socket_options,list,0,0,0,false},
>> > [{reuseaddr,true},
>> > {packet_size,0},
>> > {packet,0},
>> > {header,0},
>> > {active,false},
>> > {mode,binary}],
>> > {ssl_udp,ssl_udp,udp_closed,udp_error}}}},
>> > accept,10000,infinity],
>> > [{file,"ssl_udp.erl"},{line,149}]},
>> > {dtls_test,accept,1,
>> > [{file,"src/dtls_test.erl"},{line,70}]}]}}
>> >
>> >
>> > _______________________________________________
>> > erlang-questions mailing list
>> > 
>> > http://erlang.org/mailman/listinfo/erlang-questions
>> >
>>
>> --
>> --
>> Dipl. Inform.
>> Andreas Schultz
>>
>> email: 
>> phone: +49-391-819099-224
>> mobil: +49-170-2226073
>>
>> ------------------- enabling your networks -------------------
>>
>> Travelping GmbH               phone:         +49-391-819099229
>> Roentgenstr. 13               fax:           +49-391-819099299
>> D-39108 Magdeburg             email:       
>> GERMANY                       web:   http://www.travelping.com
>>
>> Company Registration: Amtsgericht Stendal Reg No.:   HRB 10578
>> Geschaeftsfuehrer: Holger Winkelmann | VAT ID No.: DE236673780
>> --------------------------------------------------------------
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140305/3f556103/attachment.html>


More information about the erlang-questions mailing list